bto solicitors - Corporate & Commercial Business Lawyers Glasgow Edinburgh Scotland

  • "really fights your corner..."
    "really fights your corner..." Chambers UK
  • "Consistently high-quality work and client-friendly approach."
    "Consistently high-quality work and client-friendly approach." Chambers UK

The shifting sands of data protection

10 March 2023

The law is often criticised as being outdated and archaic. As a profession we often rely on statutes and case law which are many years old and which haven’t been amended for long periods of time – not a criticism that can be levelled at data protection law.

In fact, many organisations struggle to make sense of the constantly changing data protection regime and how best to comply. The introduction of EU GDPR, the Data Protection Act 2018, UK GDPR and the wider implications of Brexit on data protection compliance have caused uncertainty about exactly what organisations need to do, and when. For those organisations that send personal data overseas, the road to compliance has been particularly bumpy.

Lynn Richmond
Lynn Richmond
Partner

Further proposed changes in the form of the Data Protection and Digital Information Bill were also formally shelved on 8 March 2023 when the Bill was withdrawn and replaced by the Data Protection and Digital Information (No. 2) Bill. According to the UK Government press release “the new regime [is] built on the UK’s high standards for data protection and privacy, and seeks to ensure data adequacy while moving away from the ‘one-size-fits-all’ approach of European Union’s GDPR”. In contrast to some EU legislation the Bill places emphasis on the value of personal data to UK business. It remains to be seen how data privacy and business needs will be balanced in practice, but the change in mood music is clear.

While the raft of changes to data protection legislation over the last 5 years has presented challenges for organisations trying to comply with data protection law, it is also interesting to note the change of tack from the Information Commissioner’s Office and how this will affect individuals concerned about the way in which their data has been used.

In a speech given on 8 March by the Information Commissioner, he referred to a number of key areas where the ICO has “done a lot over the past year to make a difference to those we regulate”. The Commissioner was clear that this also meant that “we’ve also had to stop doing some things, to ensure we can focus our attentions and effort on the issues that matter most to people. We needed to be more conscious of the choices we were making and the consequences of these. Part of this means being more deliberate about what we investigate”.

The indication seems to be that individual complaints about isolated incidents will not be a priority. With limited resources and an increasingly data rights aware society, it is inevitable that the ICO cannot investigate every complaint made, however, that will be of little comfort to individuals who feel they are without recourse, particularly those without the resources to litigate.

A date for the second reading of the No.2 Bill has yet to be fixed but no doubt further changes to the UK’s data protection regime are on the horizon.

Lynn Richmond, Partner lyr@bto.co.uk / 0131 222 2939

Related Links

“The level of service has always been excellent, with properly experienced solicitors dealing with appropriate cases" Legal 500

Contact BTO

Glasgow

  • 48 St. Vincent Street
  • Glasgow
  • G2 5HS
  • T:+44 (0)141 221 8012
  • F:+44 (0)141 221 7803

Edinburgh

  • One Edinburgh Quay
  • Edinburgh
  • EH3 9QG
  • T:+44 (0)131 222 2939
  • F:+44 (0)131 222 2949

Sectors

Services